The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0114, CVE-2012-0484, CVE-2012-0490)

These updated packages upgrade MySQL to version 5.0.95. Refer to the MySQL release notes for a full list of changes:

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)

A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)

It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)

A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)

Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.

Users should upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)

The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607)

A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031)

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)

A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)

It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)

It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)

It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)

It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)
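
Scripts that consume locale output can avoid this class of problem by parsing it as data instead of passing it to eval. The following is an added example, not part of the Red Hat advisory; the function names, the sample lines and the character allowlist are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read `locale`-style output as data, never through eval.

# Constructed sample input. LC_TIME carries shell syntax, standing in for
# a locale variable set by an untrusted party.
sample_locale_output() {
    cat <<'EOF'
LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_TIME="x$(echo INJECTED)"
LC_ALL=
EOF
}

# locale_value NAME: read NAME=value lines on stdin and print NAME's value.
# Returns 0 if found and acceptable, 1 if NAME is absent,
# 2 if the value contains characters outside the allowlist.
locale_value() {
    want=$1
    while IFS= read -r line; do
        name=${line%%=*}
        [ "$name" = "$want" ] || continue
        value=${line#*=}
        # Strip one pair of surrounding double quotes, if present.
        case $value in
            \"*\") value=${value#\"}; value=${value%\"} ;;
        esac
        # Allowlist (assumption): characters typical of locale names only.
        case $value in
            *[!A-Za-z0-9_.@-]*) return 2 ;;
        esac
        printf '%s\n' "$value"
        return 0
    done
    return 1
}

# Demonstration over the constructed sample.
for n in LANG LC_CTYPE LC_TIME; do
    if v=$(sample_locale_output | locale_value "$n"); then
        printf '%s=%s\n' "$n" "$v"
    else
        printf '%s: rejected or missing\n' "$n" >&2
    fi
done
```

In real use, pipe the output of the locale command into locale_value in place of sample_locale_output.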

An integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash. (CVE-2011-1659)

A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)

Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.

This update also fixes the following bug:

* When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem. (BZ#657009)

Users should upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.